feat: Enable same VM same VNET packet tunneling to host for Transparent Vlan #1529
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Tests ok (all basic functionality, 2 VMs, NS, delete, add)
tamilmani1989
requested changes
Aug 15, 2022
network/network_linux.go
Outdated
Comment on lines
95
to
98
| _, err := nm.plClient.ExecuteCommand(DisableRPFilterCmd) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("[transparent vlan] failed to disable rp filter: %w", err) | ||
| } |
Member
There was a problem hiding this comment.
lets scope this to vnet namespace level.. set disable rp_filter in vnet namespace on its creation
| azureMac = "12:34:56:78:9a:bc" // Packets leaving the VM should have this MAC | ||
| loopbackIf = "lo" // The name of the loopback interface | ||
| numDefaultRoutes = 2 // VNET NS, when no containers use it, has this many routes | ||
| tunnelingTable = 2 // Packets not entering on the vlan interface go to this routing table |
Member
There was a problem hiding this comment.
can we have same routing table number for different vnet namespaces?
| if err != nil { | ||
| return errors.Wrap(err, "transparent vlan failed to disable rp filter in vnet") | ||
| } | ||
| DisableRPFilterVlanIfCmd := strings.Replace(DisableRPFilterCmd, "all", client.vlanIfName, 1) |
Member
There was a problem hiding this comment.
can be disableRPFilterVlanIfCmd
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for Change:
Packets sent from a network container to another network container on the same VM and same VNET will now leave the VM, have NSG rules applied, and then return to the VM in the transparent vlan (formerly native) mode. Previously, they would be routed in the VNET namespace, never leaving the VM.
Issue Fixed:
N/A
Requirements:
Notes:
Disables rp filter to enable asymmetric routing.